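/// <summary>
/// When a signing certificate for <c>TestCertificateSubject</c> already exists in the
/// CurrentUser/My store, a second ensure-call must report
/// <see cref="EnsureCertificateResult.ValidCertificatePresent"/>, generate no new certificate,
/// and export the existing one (with its private key) to the requested PFX path.
/// The exported PFX is deleted again at the end of the test so a private key is never left
/// behind in the working directory, and the certificate handle read back from disk is disposed.
/// </summary>
public void EnsureCreateIdentityTokenSigningCertificate_DoesNotCreateACertificate_WhenThereIsAnExistingHttpsCertificates()
{
    // Arrange
    const string CertificateName = nameof(EnsureCreateIdentityTokenSigningCertificate_DoesNotCreateACertificate_WhenThereIsAnExistingHttpsCertificates) + ".pfx";
    // Throw-away password for the exported PFX; it only guards a development certificate
    // that this test removes from disk before returning.
    var certificatePassword = Guid.NewGuid().ToString();
    var manager = new CertificateManager();

    // Start from a clean store so the "existing" certificate is exactly the one seeded below.
    manager.RemoveAllCertificates(CertificatePurpose.Signing, StoreName.My, StoreLocation.CurrentUser, TestCertificateSubject);
    if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
    {
        // The per-user Root store is only cleaned on Windows; other platforms leave it untouched.
        manager.RemoveAllCertificates(CertificatePurpose.Signing, StoreName.Root, StoreLocation.CurrentUser, TestCertificateSubject);
    }

    // Drop the sub-second part so the validity window compares exactly against what the
    // certificate records (its NotBefore/NotAfter carry whole-second granularity).
    DateTimeOffset now = DateTimeOffset.UtcNow;
    now = new DateTimeOffset(now.Year, now.Month, now.Day, now.Hour, now.Minute, now.Second, 0, now.Offset);

    // Seed the store with one signing certificate: no export (path: null) and no trust.
    manager.EnsureAspNetCoreApplicationTokensDevelopmentCertificate(now, now.AddYears(1), path: null, trust: false, subject: TestCertificateSubject);
    var existingSigningCertificate = manager
        .ListCertificates(CertificatePurpose.Signing, StoreName.My, StoreLocation.CurrentUser, isValid: false)
        .Single(c => c.Subject == TestCertificateSubject);

    try
    {
        // Act
        var result = manager.EnsureAspNetCoreApplicationTokensDevelopmentCertificate(
            now,
            now.AddYears(1),
            CertificateName,
            trust: false,
            includePrivateKey: true,
            password: certificatePassword,
            subject: TestCertificateSubject);

        // Assert
        Assert.Equal(EnsureCertificateResult.ValidCertificatePresent, result);
        Assert.True(File.Exists(CertificateName));

        using (var exportedCertificate = new X509Certificate2(File.ReadAllBytes(CertificateName), certificatePassword))
        {
            Assert.NotNull(exportedCertificate);
            // The PFX was requested with includePrivateKey: true, so the export must be able to sign.
            Assert.True(exportedCertificate.HasPrivateKey);
            // Identical thumbprints prove the pre-existing certificate was exported rather than a new one generated.
            Assert.Equal(existingSigningCertificate.GetCertHashString(), exportedCertificate.GetCertHashString());
        }
    }
    finally
    {
        // Never leave a PFX containing a private key in the test working directory.
        if (File.Exists(CertificateName))
        {
            File.Delete(CertificateName);
        }
    }
}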
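/// <summary>
/// With no signing certificate for <c>TestCertificateSubject</c> in the CurrentUser/My store,
/// the ensure-call must create one, report <see cref="EnsureCertificateResult.Succeeded"/>,
/// export only the public certificate to the requested <c>.cer</c> path, and produce the
/// expected X.509 profile: self-signed, sha256RSA, critical non-CA Basic Constraints, critical
/// DigitalSignature Key Usage, a critical single-purpose EKU and a non-critical marker extension.
/// The exported file is deleted on the way out and the certificate read back from it is disposed.
/// </summary>
public void EnsureCreateIdentityTokenSigningCertificate_CreatesACertificate_WhenThereAreNoHttpsCertificates()
{
    // Arrange
    const string CertificateName = nameof(EnsureCreateIdentityTokenSigningCertificate_CreatesACertificate_WhenThereAreNoHttpsCertificates) + ".cer";
    var manager = new CertificateManager();

    // Start from a clean store so the ensure-call has nothing to reuse.
    manager.RemoveAllCertificates(CertificatePurpose.Signing, StoreName.My, StoreLocation.CurrentUser, TestCertificateSubject);
    if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
    {
        // The per-user Root store is only cleaned on Windows; other platforms leave it untouched.
        manager.RemoveAllCertificates(CertificatePurpose.Signing, StoreName.Root, StoreLocation.CurrentUser, TestCertificateSubject);
    }

    // Drop the sub-second part so NotBefore/NotAfter below can be compared for exact equality
    // (the certificate records validity at whole-second granularity).
    DateTimeOffset now = DateTimeOffset.UtcNow;
    now = new DateTimeOffset(now.Year, now.Month, now.Day, now.Hour, now.Minute, now.Second, 0, now.Offset);

    try
    {
        // Act
        var result = manager.EnsureAspNetCoreApplicationTokensDevelopmentCertificate(now, now.AddYears(1), CertificateName, trust: false, subject: TestCertificateSubject);

        // Assert
        Assert.Equal(EnsureCertificateResult.Succeeded, result);
        Assert.True(File.Exists(CertificateName));

        using (var exportedCertificate = new X509Certificate2(File.ReadAllBytes(CertificateName)))
        {
            Assert.NotNull(exportedCertificate);
            // A .cer export is public-only: the signing key must never leave the store this way.
            Assert.False(exportedCertificate.HasPrivateKey);

            var identityCertificates = manager.ListCertificates(CertificatePurpose.Signing, StoreName.My, StoreLocation.CurrentUser, isValid: false);
            var identityCertificate = Assert.Single(identityCertificates, i => i.Subject == TestCertificateSubject);

            // The copy kept in the store is the one that signs tokens, so it must hold the private key.
            Assert.True(identityCertificate.HasPrivateKey);
            // Self-signed: subject and issuer carry the same name.
            Assert.Equal(TestCertificateSubject, identityCertificate.Subject);
            Assert.Equal(TestCertificateSubject, identityCertificate.Issuer);
            // 1.2.840.113549.1.1.11 is sha256WithRSAEncryption.
            Assert.Equal("sha256RSA", identityCertificate.SignatureAlgorithm.FriendlyName);
            Assert.Equal("1.2.840.113549.1.1.11", identityCertificate.SignatureAlgorithm.Value);
            // X509Certificate2 surfaces NotBefore/NotAfter as local DateTime, hence the LocalDateTime comparison.
            Assert.Equal(now.LocalDateTime, identityCertificate.NotBefore);
            Assert.Equal(now.AddYears(1).LocalDateTime, identityCertificate.NotAfter);

            // Materialize once; the same extension list is inspected four times below.
            var extensions = identityCertificate.Extensions.OfType<X509Extension>().ToList();

            // Critical Basic Constraints: end-entity certificate, cannot act as a CA.
            Assert.Contains(
                extensions,
                e => e is X509BasicConstraintsExtension basicConstraints &&
                     basicConstraints.Critical == true &&
                     basicConstraints.CertificateAuthority == false &&
                     basicConstraints.HasPathLengthConstraint == false &&
                     basicConstraints.PathLengthConstraint == 0);

            // Critical Key Usage limited to DigitalSignature: no key encipherment, no certificate signing.
            Assert.Contains(
                extensions,
                e => e is X509KeyUsageExtension keyUsage &&
                     keyUsage.Critical == true &&
                     keyUsage.KeyUsages == X509KeyUsageFlags.DigitalSignature);

            // Critical EKU with exactly one purpose, 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth).
            // This pins what the manager currently emits for a token-signing certificate.
            Assert.Contains(
                extensions,
                e => e is X509EnhancedKeyUsageExtension enhancedKeyUsage &&
                     enhancedKeyUsage.Critical == true &&
                     enhancedKeyUsage.EnhancedKeyUsages.OfType<Oid>().Single() is Oid purpose &&
                     purpose.Value == "1.3.6.1.5.5.7.3.1");

            // Non-critical marker extension under the Microsoft private OID arc (1.3.6.1.4.1.311)
            // tagging this as the ASP.NET Core Identity JWT signing development certificate.
            Assert.Contains(
                extensions,
                e => e.Critical == false &&
                     e.Oid.Value == "1.3.6.1.4.1.311.84.1.2" &&
                     Encoding.ASCII.GetString(e.RawData) == "ASP.NET Core Identity Json Web Token signing development certificate");

            // The exported public certificate is the same one that was placed in the store.
            Assert.Equal(identityCertificate.GetCertHashString(), exportedCertificate.GetCertHashString());
        }
    }
    finally
    {
        // Keep the working directory free of test artifacts.
        if (File.Exists(CertificateName))
        {
            File.Delete(CertificateName);
        }
    }
}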